Add TLS disable check helper

Implement as exemplified TODO for Mac
tryphotino · Feb 11, 2023 · 9d379d5 · 9d379d5
1 parent 24be1c5
commit 9d379d5
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 1 deletion.
diff --git a/Photino.Native/Exports.cpp b/Photino.Native/Exports.cpp
@@ -220,6 +220,11 @@ extern "C"
 		instance->WaitForExit();
 	}
 
+	EXPORTED void Photino_DisableTLSCheck(Photino* instance)
+	{
+		instance->DisableTLSCheck();
+	}
+
 
 
 	//Callbacks

diff --git a/Photino.Native/Photino.Linux.cpp b/Photino.Native/Photino.Linux.cpp
@@ -547,6 +547,12 @@ void Photino::WaitForExit()
 	gtk_main();
 }
 
+void Photino::DisableTLSCheck()
+{
+  auto web_context = webkit_web_context_get_default();
+  auto data_manager = webkit_web_context_get_website_data_manager(web_context);
+  webkit_website_data_manager_set_tls_errors_policy(data_manager, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+}
 
 
 

diff --git a/Photino.Native/Photino.Mac.mm b/Photino.Native/Photino.Mac.mm
@@ -519,6 +519,12 @@ void EnsureInvoke(dispatch_block_t block)
     [NSApp run];
 }
 
+void Photino::DisableTLSCheck()
+{
+    // TODO
+    // See https://stackoverflow.com/questions/27100540/allow-unverified-ssl-certificates-in-wkwebview
+}
+
 //Callbacks
 void Photino::GetAllMonitors(GetAllMonitorsCallback callback)
 {

diff --git a/Photino.Native/Photino.Windows.cpp b/Photino.Native/Photino.Windows.cpp
@@ -42,6 +42,12 @@ struct ShowMessageParams
 };
 
 
+static bool AlwaysValidateServerCertificate(ICoreWebView2Certificate* certificate)
+{
+	return true;
+}
+
+
 void Photino::Register(HINSTANCE hInstance)
 {
 	InitDarkModeSupport();
@@ -670,7 +676,32 @@ void Photino::WaitForExit()
 	}
 }
 
-
+void Photino::DisableTLSCheck()
+{
+	// Only from webview 14 upwards - see:
+	// https://github.com/MicrosoftEdge/WebView2Samples/blob/1710d535e895ed9c24196c5482e990e10d7285c7/SampleApps/WebView2APISample/SettingsComponent.cpp#L1445
+	EventRegistrationToken m_ServerCertificateErrorToken = {};
+	auto webview14 = _webviewWindow.try_query<ICoreWebView2_14>();
+	webview14->add_ServerCertificateErrorDetected(
+		Callback<ICoreWebView2ServerCertificateErrorDetectedEventHandler>([this](ICoreWebView2* sender, ICoreWebView2ServerCertificateErrorDetectedEventArgs* args) {
+			COREWEBVIEW2_WEB_ERROR_STATUS errorStatus;
+			if (SUCCEEDED(args->get_ErrorStatus(&errorStatus))) {
+				wil::com_ptr<ICoreWebView2Certificate> certificate = nullptr;
+				if (SUCCEEDED(args->get_ServerCertificate(&certificate))) {
+					if (errorStatus == COREWEBVIEW2_WEB_ERROR_STATUS_CERTIFICATE_IS_INVALID && AlwaysValidateServerCertificate(certificate.get()))
+					{
+						args->put_Action(COREWEBVIEW2_SERVER_CERTIFICATE_ERROR_ACTION_ALWAYS_ALLOW);
+					}
+					else
+					{
+						args->put_Action(COREWEBVIEW2_SERVER_CERTIFICATE_ERROR_ACTION_CANCEL);
+					}
+				}
+			}
+			return S_OK;
+		}
+	).Get(), &m_ServerCertificateErrorToken);
+}
 
 
 

diff --git a/Photino.Native/Photino.h b/Photino.Native/Photino.h
@@ -218,6 +218,8 @@ class Photino
 	void ShowNotification(AutoString title, AutoString message);
 	void WaitForExit();
 
+	void DisableTLSCheck();
+
 	//Callbacks
 	void AddCustomSchemeName(AutoString scheme) { _customSchemeNames.push_back((AutoString)scheme); };
 	void GetAllMonitors(GetAllMonitorsCallback callback);